Table of Contents
- List of Examples
- List of Figures
- List of Tables
- Title and Copyright Information
- 1 Overview
- 1.1 What Security Means
- 1.2 Security Plug-ins
- 1.3 ATMI Security Capabilities
- 1.4 Operating System (OS) Security
- 1.5 Authentication
- 1.6 Authorization
- 1.7 Auditing
- 1.8 Link-Level Encryption
- 1.9 TLS Encryption
- 1.9.1 How the TLS Protocol Works
- 1.9.2 Requirements for Using the TLS Protocol
- 1.9.3 TLS Version Negotiation and Configuration
- 1.9.4 Encryption Key Size Negotiation
- 1.9.5 Backward Compatibility of TLS
- 1.9.6 WSL/WSH Connection Timeout During Initialization
- 1.9.7 Supported Cipher Suites
- 1.9.8 TLS Installation
- 1.10 Public Key Security
- 1.11 Message-based Digital Signature
- 1.12 Message-based Encryption
- 1.13 Public Key Implementation
- 1.14 Default Authentication and Authorization
- 1.15 Security Interoperability
- 1.16 Security Compatibility
- 1.16.1 Mixing Default/Custom Authentication and Authorization
- 1.16.2 Mixing Default/Custom Authentication and Auditing
- 1.16.3 Compatibility Issues for Public Key Security
- 1.16.3.1 Compatibility/Interaction with Data-dependent Routing
- 1.16.3.2 Compatibility/Interaction with Threads
- 1.16.3.3 Compatibility/Interaction with the EventBroker
- 1.16.3.4 Compatibility/Interaction with /Q
- 1.16.3.5 Compatibility/Interaction with Transactions
- 1.16.3.6 Compatibility/Interaction with Domain Gateways
- 1.16.3.7 Compatibility/Interaction with Other Vendors’ Gateways
- 1.17 Denial-of-Service (DoS) Defense
- 1.18 Password Pair Protection
- 2 Administering Security
- 2.1 What Administering Security Means
- 2.2 Security Administration Tasks
- 2.3 Setting the Oracle Tuxedo Registry
- 2.4 Configuring an ATMI Application for Security
- 2.5 Setting Up the Administration Environment
- 2.6 Administering Authentication
- 2.7 Specifying Principal Names
- 2.8 Mandating Interoperability Policy
- 2.9 Establishing a Link Between Domains
- 2.10 Setting ACL Policy
- 2.11 Setting Credential Policy
- 2.12 Administering Authorization
- 2.13 Administering Link-Level Encryption
- 2.14 Administering TLS Encryption
- 2.14.1 Understanding TLS min and max Values
- 2.14.2 How to Configure TLS on Workstation Client Links
- 2.14.3 How to Configure TLS on Bridge Links
- 2.14.4 How to Configure TLS on tlisten Links
- 2.14.5 How to Configure TLS on Domain Gateway Links
- 2.14.6 Development Process for the TLS Protocol
- 2.14.7 Creating an Oracle Wallet
- 2.14.8 Runtime Creation of an Oracle Wallet
- 2.14.9 Use of the TUXCREATEWALLET Environment Variable
- 2.14.10 Debugging TLS Connection Problems
- 2.15 Administering Public Key Security
- 2.15.1 Recommended Practices for Public Key Security
- 2.15.2 Assigning Public-Private Key Pairs
- 2.15.3 Setting Digital Signature Policy
- 2.15.3.1 Setting a Postdated Limit for Signature Timestamps
- 2.15.3.2 Setting a Predated Limit for Signature Timestamps
- 2.15.3.3 Enforcing the Signature Policy for Incoming Messages
- 2.15.3.4 How the EventBroker Signature Policy Is Enforced
- 2.15.3.5 How the /Q Signature Policy Is Enforced
- 2.15.3.6 How the Remote Client Signature Policy Is Enforced
- 2.15.4 Setting Encryption Policy
- 2.15.5 Initializing Decryption Keys Through the Plug-ins
- 2.15.6 Failure Reporting and Auditing
- 2.16 Administering Default Authentication and Authorization
- 2.17 How to Enable Application Password Security
- 2.18 How to Enable User-Level Authentication Security
- 2.19 Enabling Access Control Security
- 2.20 Using the Kerberos Authentication Plug-in
- 2.21 Kerberos Plug-In
- 2.22 Kerberos Plug-In Pre-configuration
- 2.23 Kerberos Plug-In Configuration
- 2.24 Using the Cert-C PKI Encryption Plug-in
- 2.25 Cert-C PKI Encryption Plug-In
- 2.26 Cert-C PKI Encryption Plug-In Pre-configuration
- 2.27 Cert-C PKI Encryption Plug-In Configuration
- 3 Programming Security
- 3.1 What Programming Security Means
- 3.2 Programming an ATMI Application with Security
- 3.3 Setting Up the Programming Environment
- 3.4 Writing Security Code So Client Programs Can Join the ATMI Application
- 3.5 Getting Security Data
- 3.6 Joining the ATMI Application
- 3.7 Writing Security Code to Protect Data Integrity and Privacy
- 3.8 Sending and Receiving Signed Messages
- 3.8.1 Writing Code to Send Signed Messages
- 3.8.1.1 Step 1: Opening a Key Handle for Digital Signature
- 3.8.1.2 Step 2 (Optional): Getting Key Handle Information
- 3.8.1.3 Step 3 (Optional): Changing Key Handle Information
- 3.8.1.4 Step 4: Allocating a Buffer and Putting a Message in the Buffer
- 3.8.1.5 Step 5: Marking the Buffer for Digital Signature
- 3.8.1.6 Step 6: Sending the Message
- 3.8.1.7 Step 7: Closing the Signer’s Key Handle
- 3.8.1.8 How the System Generates a Digital Signature
- 3.8.2 How a Signed Message Is Received
- 3.9 Sending and Receiving Encrypted Messages
- 3.9.1 Writing Code to Send Encrypted Messages
- 3.9.1.1 Step 1: Opening a Key Handle for Encryption
- 3.9.1.2 Step 2 (Optional): Getting Key Handle Information
- 3.9.1.3 Step 3 (Optional): Changing Key Handle Information
- 3.9.1.4 Step 4: Allocating a Buffer and Putting a Message in the Buffer
- 3.9.1.5 Step 5: Marking the Buffer for Encryption
- 3.9.1.6 Step 6: Sending the Message
- 3.9.1.7 Step 7: Closing the Encryption Key Handle
- 3.9.1.8 How the System Encrypts a Message Buffer
- 3.9.2 Writing Code to Receive Encrypted Messages
- 3.10 Examining Digital Signature and Encryption Information
- 3.11 Externalizing Typed Message Buffers
- 4 Quick Reference for TLS Support
- 5 Implementing Single Point Security Administration
- 5.1 What Single Point Security Administration Means
- 5.2 Setting up LAUTHSVR as the Authentication Server
- 5.2.1 LAUTHSVR Command Line Interface
- 5.2.2 Setting Up the LAUTHSVR Configuration File
- 5.2.3 Example UBBCONFIG Using LAUTHSVR
- 5.2.4 Using Multiple Network Addresses for High Availability
- 5.2.5 Configuring the Database Search Order
- 5.2.6 Using tpmigldap to Migrate User Information to WebLogic Server
- 5.2.7 Adding New Tuxedo User Information
- 5.3 Setting up GAUTHSVR as the Authentication Server
- 5.4 Setting up OAUTHSVR as the Authentication Server
- 5.4.1 Setting Up the OAUTHSVR Configuration File
- 5.4.2 /T DOMAIN Support
- 5.4.3 Oracle SALT Support
- 5.4.4 WTC Support
- 5.4.5 Oracle JCA Support
- 6 Integrating Audit with Oracle Platform Security Services (OPSS)
- 6.1 Overview
- 6.2 Components and Deployment
- 6.3 Configurations
- 6.4 Administration